The Iranian threat actor APT34, also known as GreenBug, has recently launched a new campaign targeting Iraqi government entities using a custom toolset that includes a novel IIS backdoor and a DNS tunneling protocol. The malware used in this campaign shares similarities with previously reported APT34 malware families such as Karkoff, Saitama, and IIS Group 2. The threat actor's use of compromised email accounts within the targeted organizations highlights its ability to infiltrate victim networks effectively, and this strongly suggests a connection between this campaign and APT34's ongoing activities in the region. The installer used to deploy the Spearal malware bears the logo of the Iraqi General Secretariat of the Council of Ministers.
Source: GBHackers